{"id":353,"date":"2026-06-23T20:56:59","date_gmt":"2026-06-23T20:56:59","guid":{"rendered":"https:\/\/rbl.watch\/blog\/mta-sts-tls-rpt-nedir-zorunlu-tls-rehberi\/"},"modified":"2026-06-23T20:56:59","modified_gmt":"2026-06-23T20:56:59","slug":"mta-sts-tls-rpt-nedir-zorunlu-tls-rehberi","status":"publish","type":"post","link":"https:\/\/rbl.watch\/blog\/mta-sts-tls-rpt-nedir-zorunlu-tls-rehberi\/","title":{"rendered":"MTA-STS ve TLS-RPT Nedir? E-posta Trafi\u011finizi Zorunlu TLS ile \u015eifreleme Rehberi"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">SPF, DKIM ve DMARC e-postan\u0131n <em>kimli\u011fini<\/em> do\u011frular \u2014 ama mesaj sunucular aras\u0131nda giderken <em>\u015fifreli<\/em> gitti\u011fini garanti etmez. SMTP, \u015fifreleme zorunlulu\u011fu olmadan tasarland\u0131; STARTTLS ise &#8220;f\u0131rsat\u00e7\u0131&#8221; (opportunistic) \u00e7al\u0131\u015f\u0131r ve bir sald\u0131rgan taraf\u0131ndan devre d\u0131\u015f\u0131 b\u0131rak\u0131labilir (downgrade\/stripping sald\u0131r\u0131s\u0131), bu da e-postalar\u0131n\u0131z\u0131n d\u00fcz metin olarak dinlenmesine yol a\u00e7abilir. \u0130\u015fte <strong>MTA-STS<\/strong> tam burada devreye girer: alan ad\u0131n\u0131za gelen postada TLS&#8217;i <strong>zorunlu<\/strong> k\u0131lar. <strong>TLS-RPT<\/strong> ise bu s\u00fcre\u00e7teki ba\u015far\u0131s\u0131zl\u0131klar\u0131 raporlar. Bu rehberde ikisinin de ne oldu\u011funu ve ad\u0131m ad\u0131m nas\u0131l kurulaca\u011f\u0131n\u0131 anlat\u0131yoruz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MTA-STS Nedir?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">MTA-STS (Mail Transfer Agent Strict Transport Security), alan ad\u0131n\u0131za e-posta g\u00f6nderen sunuculara &#8220;<strong>bana yaln\u0131zca ge\u00e7erli bir TLS ba\u011flant\u0131s\u0131 \u00fczerinden teslimat yap<\/strong>&#8221; talimat\u0131n\u0131 veren bir standartt\u0131r. G\u00f6nderen sunucu, alan ad\u0131n\u0131z\u0131n MTA-STS politikas\u0131n\u0131 okur; MX sunucunuz ge\u00e7erli bir sertifikayla TLS sunam\u0131yorsa teslimat\u0131 yapmaz (enforce modunda). B\u00f6ylece d\u00fcz metin teslimat\u0131 ve TLS-stripping sald\u0131r\u0131lar\u0131 engellenir.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Neden Gerekli? STARTTLS&#8217;in Zay\u0131fl\u0131\u011f\u0131<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Klasik STARTTLS f\u0131rsat\u00e7\u0131d\u0131r: &#8220;TLS varsa kullan, yoksa d\u00fcz metin g\u00f6nder.&#8221; Araya giren bir sald\u0131rgan, sunucular aras\u0131ndaki STARTTLS reklam\u0131n\u0131 kald\u0131rarak ba\u011flant\u0131y\u0131 d\u00fcz metne <strong>d\u00fc\u015f\u00fcrebilir<\/strong> (downgrade). Bu durumda e-postalar\u0131n\u0131z \u015fifresiz iletilir ve okunabilir. MTA-STS, &#8220;TLS olmadan teslimat yok&#8221; diyerek bu a\u00e7\u0131\u011f\u0131 kapat\u0131r \u2014 g\u00f6nderen sunucu politikan\u0131z\u0131 bildi\u011fi i\u00e7in sald\u0131rgan TLS&#8217;i kald\u0131ramaz.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MTA-STS Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u0130ki par\u00e7adan olu\u015fur:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DNS TXT kayd\u0131:<\/strong> <code>_mta-sts.alanadi.com<\/code> alt\u0131nda politikan\u0131n varl\u0131\u011f\u0131n\u0131 ve s\u00fcr\u00fcm\u00fcn\u00fc bildiren bir kay\u0131t.<\/li>\n<li><strong>HTTPS politika dosyas\u0131:<\/strong> <code>https:\/\/mta-sts.alanadi.com\/.well-known\/mta-sts.txt<\/code> adresinde, izin verilen MX&#8217;leri ve modu belirten bir dosya.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Politika dosyas\u0131ndaki <code>mode<\/code> \u00fc\u00e7 de\u011ferden biri olur:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>none:<\/strong> Politika yok\/iptal.<\/li>\n<li><strong>testing:<\/strong> Kurallar uygulanmaz ama ihlaller TLS-RPT ile raporlan\u0131r (g\u00fcvenli ba\u015flang\u0131\u00e7 modu).<\/li>\n<li><strong>enforce:<\/strong> TLS zorunlu; uymayan teslimat reddedilir.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">TLS-RPT (TLS Raporlama) Nedir?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">TLS-RPT, alan ad\u0131n\u0131za teslimat yapan sa\u011flay\u0131c\u0131lar\u0131n TLS ba\u011flant\u0131 sorunlar\u0131n\u0131 size raporlamas\u0131n\u0131 sa\u011flar. <code>_smtp._tls.alanadi.com<\/code> alt\u0131nda bir TXT kayd\u0131yla rapor adresinizi (genellikle bir e-posta veya HTTPS u\u00e7 noktas\u0131) bildirirsiniz. B\u00f6ylece &#8220;kimler bana TLS olmadan ula\u015fmaya \u00e7al\u0131\u015ft\u0131, sertifika hatas\u0131 ya\u015fad\u0131&#8221; gibi sorunlar\u0131 g\u00f6r\u00fcr ve sessiz teslimat kay\u0131plar\u0131n\u0131 erkenden yakalars\u0131n\u0131z. <strong>MTA-STS&#8217;i her zaman TLS-RPT ile birlikte kurun<\/strong> \u2014 \u00f6zellikle testing modunda g\u00f6r\u00fcn\u00fcrl\u00fck \u015fartt\u0131r.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ad\u0131m Ad\u0131m MTA-STS Kurulumu<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>MX&#8217;lerinizin TLS&#8217;ini do\u011frulay\u0131n.<\/strong> T\u00fcm MX sunucular\u0131n\u0131z, hostname&#8217;iyle e\u015fle\u015fen <strong>ge\u00e7erli bir TLS sertifikas\u0131<\/strong> sunmal\u0131d\u0131r. MX kay\u0131tlar\u0131n\u0131z\u0131 <a href=\"\/tools\/mx-lookup\">MX sorgulama arac\u0131yla<\/a> kontrol edin.<\/li>\n<li><strong>Politika dosyas\u0131n\u0131 yay\u0131mlay\u0131n.<\/strong> <code>mta-sts<\/code> alt alan ad\u0131n\u0131 HTTPS ile yay\u0131na al\u0131n ve <code>\/.well-known\/mta-sts.txt<\/code> dosyas\u0131n\u0131 koyun (version, mode, izinli mx&#8217;ler, max_age).<\/li>\n<li><strong>_mta-sts TXT kayd\u0131n\u0131 ekleyin.<\/strong> \u00d6rnek: <code>_mta-sts.alanadi.com TXT \"v=STSv1; id=2026062301\"<\/code> (politika de\u011fi\u015ftik\u00e7e id g\u00fcncellenir).<\/li>\n<li><strong>TLS-RPT ekleyin.<\/strong> <code>_smtp._tls.alanadi.com TXT \"v=TLSRPTv1; rua=mailto:tls-raporlari@alanadi.com\"<\/code><\/li>\n<li><strong>testing moduyla ba\u015flay\u0131n.<\/strong> Birka\u00e7 hafta raporlar\u0131 izleyin; sertifika\/MX sorunu yoksa <code>enforce<\/code> moduna ge\u00e7in.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">MX sunucunuzun g\u00fc\u00e7l\u00fc TLS yap\u0131land\u0131rmas\u0131 i\u00e7in y\u00f6netilen bir <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/zimbra-mail-sunucusu.html\" target=\"_blank\" rel=\"noopener\">Zimbra mail sunucusu<\/a> ve ge\u00e7erli sertifika i\u00e7in <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\" rel=\"noopener\">IHS SSL \u00e7\u00f6z\u00fcmleri<\/a> i\u015finizi kolayla\u015ft\u0131r\u0131r.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MTA-STS, SPF\/DKIM\/DMARC&#8217;tan Fark\u0131 Nedir?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Bunlar farkl\u0131 katmanlarda \u00e7al\u0131\u015f\u0131r ve birbirini tamamlar:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SPF\/DKIM\/<a href=\"\/blog\/spf-dkim-ve-dmarc-nedir-e-posta-kimlik-dogrulama\/\">DMARC<\/a>:<\/strong> Mesaj\u0131n <em>kimli\u011fini<\/em> do\u011frular (kim g\u00f6nderdi, sahte mi).<\/li>\n<li><strong><a href=\"\/blog\/bimi-nedir-eposta-logo-dmarc-vmc-rehberi\/\">BIMI<\/a>:<\/strong> Do\u011frulanm\u0131\u015f kimlikle <em>marka logosunu<\/em> g\u00f6sterir.<\/li>\n<li><strong>MTA-STS\/TLS-RPT:<\/strong> Mesaj\u0131n <em>ta\u015f\u0131nmas\u0131n\u0131<\/em> \u015fifreler ve \u015fifresiz teslimat\u0131 engeller.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Yani MTA-STS, DMARC&#8217;\u0131n alternatifi de\u011fil; e-posta g\u00fcvenli\u011finizin <strong>ta\u015f\u0131ma \u015fifreleme<\/strong> aya\u011f\u0131d\u0131r. \u0130kisini birlikte kullanmak en sa\u011flam\u0131d\u0131r.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">S\u0131k Sorulan Sorular<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">MTA-STS g\u00f6nderdi\u011fim postalar\u0131 m\u0131, bana geleni mi korur?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Alan ad\u0131n\u0131z\u0131n MTA-STS politikas\u0131, <strong>size gelen<\/strong> postada TLS&#8217;i zorunlu k\u0131lar (g\u00f6nderen sunucular politikan\u0131z\u0131 okur). Giden postalar\u0131n\u0131z\u0131n \u015fifreli gitmesi i\u00e7in, g\u00f6nderdi\u011finiz alanlar\u0131n MTA-STS politikalar\u0131na g\u00f6nderen sunucunuzun uymas\u0131 gerekir \u2014 bu y\u00fczden standart kar\u015f\u0131l\u0131kl\u0131 yayg\u0131nla\u015ft\u0131k\u00e7a herkes kazan\u0131r.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">enforce moduna hemen ge\u00e7ebilir miyim?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u00d6nerilmez. \u00d6nce <code>testing<\/code> modunda TLS-RPT raporlar\u0131yla MX\/sertifika sorunlar\u0131n\u0131 ay\u0131klay\u0131n. Hatal\u0131 bir sertifika veya eksik MX ile do\u011frudan <code>enforce<\/code>&#8216;a ge\u00e7mek, size gelen me\u015fru postalar\u0131n reddedilmesine yol a\u00e7abilir.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">MTA-STS, teslim edilebilirli\u011fimi etkiler mi?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Do\u011fru kuruldu\u011funda olumlu; g\u00fcvenlik duru\u015funuzu g\u00fc\u00e7lendirir ve b\u00fcy\u00fck sa\u011flay\u0131c\u0131lar nezdinde g\u00fcven verir. Yanl\u0131\u015f (ge\u00e7ersiz sertifika + enforce) kuruldu\u011funda gelen postay\u0131 engelleyebilir. Genel teslimat sa\u011fl\u0131\u011f\u0131n\u0131z i\u00e7in <a href=\"\/tools\/e-posta-saglik-kontrolu\">e-posta sa\u011fl\u0131k kontrol\u00fcn\u00fc<\/a> ve <a href=\"\/blog\/e-posta-teslim-edilebilirlik-nedir-nasil-artirilir\/\">teslim edilebilirlik rehberini<\/a> kullan\u0131n.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u00d6zet:<\/strong> MTA-STS + TLS-RPT, e-posta trafi\u011finizi araya girme ve dinlemeye kar\u015f\u0131 \u015fifreleyen modern bir g\u00fcvenlik katman\u0131d\u0131r. MX TLS&#8217;inizi do\u011frulay\u0131n, politikay\u0131 <code>testing<\/code> ile yay\u0131mlay\u0131p TLS-RPT raporlar\u0131n\u0131 izleyin, sorun yoksa <code>enforce<\/code>&#8216;a ge\u00e7in. Bunu SPF\/DKIM\/DMARC ve BIMI ile birlikte uygulayarak e-posta g\u00fcvenli\u011finizi u\u00e7tan uca tamamlay\u0131n.<\/p>\n\n\n\n<script type=\"application\/ld+json\">\n{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[\n{\"@type\":\"Question\",\"name\":\"MTA-STS g\u00f6nderdi\u011fim postalar\u0131 m\u0131, bana geleni mi korur?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Alan ad\u0131n\u0131z\u0131n MTA-STS politikas\u0131 size gelen postada TLS'i zorunlu k\u0131lar; g\u00f6nderen sunucular politikan\u0131z\u0131 okur. Giden postalar\u0131n\u0131z\u0131n \u015fifreli gitmesi i\u00e7in g\u00f6nderdi\u011finiz alanlar\u0131n politikalar\u0131na sizin sunucunuzun uymas\u0131 gerekir.\"}},\n{\"@type\":\"Question\",\"name\":\"enforce moduna hemen ge\u00e7ebilir miyim?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"\u00d6nerilmez. \u00d6nce testing modunda TLS-RPT raporlar\u0131yla MX\/sertifika sorunlar\u0131n\u0131 ay\u0131klay\u0131n. Hatal\u0131 sertifika veya eksik MX ile do\u011frudan enforce'a ge\u00e7mek, gelen me\u015fru postalar\u0131n reddedilmesine yol a\u00e7abilir.\"}},\n{\"@type\":\"Question\",\"name\":\"MTA-STS teslim edilebilirli\u011fimi etkiler mi?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Do\u011fru kuruldu\u011funda olumlu; g\u00fcvenlik duru\u015funu g\u00fc\u00e7lendirir. Ge\u00e7ersiz sertifika ile enforce moduna ge\u00e7mek ise gelen postay\u0131 engelleyebilir. Bu y\u00fczden testing modunda do\u011frulama \u015fartt\u0131r.\"}}\n]}\n<\/script>\n\n","protected":false},"excerpt":{"rendered":"<p>SPF, DKIM ve DMARC e-postan\u0131n kimli\u011fini do\u011frular \u2014 ama mesaj sunucular aras\u0131nda giderken \u015fifreli gitti\u011fini garanti etmez. SMTP, \u015fifreleme zorunlulu\u011fu olmadan tasarland\u0131; STARTTLS ise &#8220;f\u0131rsat\u00e7\u0131&#8221; (opportunistic) \u00e7al\u0131\u015f\u0131r ve bir sald\u0131rgan taraf\u0131ndan devre d\u0131\u015f\u0131 b\u0131rak\u0131labilir (downgrade\/stripping sald\u0131r\u0131s\u0131), bu da e-postalar\u0131n\u0131z\u0131n d\u00fcz metin olarak dinlenmesine yol a\u00e7abilir. \u0130\u015fte MTA-STS tam burada devreye girer: alan ad\u0131n\u0131za gelen postada &#8230; <a title=\"MTA-STS ve TLS-RPT Nedir? E-posta Trafi\u011finizi Zorunlu TLS ile \u015eifreleme Rehberi\" class=\"read-more\" href=\"https:\/\/rbl.watch\/blog\/mta-sts-tls-rpt-nedir-zorunlu-tls-rehberi\/\" aria-label=\"Read more about MTA-STS ve TLS-RPT Nedir? E-posta Trafi\u011finizi Zorunlu TLS ile \u015eifreleme Rehberi\">Devam\u0131n\u0131 oku<\/a><\/p>\n","protected":false},"author":2,"featured_media":354,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-eposta-guvenligi"],"_links":{"self":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts\/353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/comments?post=353"}],"version-history":[{"count":0,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts\/353\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/media\/354"}],"wp:attachment":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/media?parent=353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/categories?post=353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/tags?post=353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}